123 matches found
CVE-2013-4724
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to...
CVE-2014-3867
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different...
Multiple Vulnerabilities in Eventum
High-Tech Bridge Security Research Lab discovered vulnerability in Eventum, which can be exploited to reinstall and compromise vulnerable application. 1 Incorrect Default Permissions in Eventum: CVE-2014-1631 The vulnerability exists due to incorrect default permission set for installation script...
PT-2013-65: Sensitive Information Disclosure in Jetty
The specialists of the Positive Research center have detected a Sensitive Information Disclosure vulnerability in Jetty on Windows. The system does not consider that NTFS allows users to address files with extended syntax, while matching the requested resource URL with locations defined in web...
Firefox 17.0.1 Flash Privileged Code Injection
This exploit gains remote code execution on Firefox 17 and 17.0.1, provided the user has installed Flash. No memory corruption is used. First, a Flash object is cloned into the anonymous content of the SVG "use" element in the This module requires Metasploit: https://metasploit.com/download Curre...
Design/Logic Flaw
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68...
CVE-2011-4765
The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated b...
CVE-2011-4850
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...
CVE-2011-4756
Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilderedit.p...
Code injection
The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated b...
Code injection
Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilderedit.p...
Code injection
The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by...
Design/Logic Flaw
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...
CVE-2011-4850
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...
Microsoft Internet Explorer Shift JIS字符编码信息泄露漏洞
Bugtraq ID: 49032 CVE ID:CVE-2011-1962 Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer Shift JIS字符编码处理存在安全问题,允许脚本访问其他域或Internet Explorer域中敏感信息。攻击者可以向WEB站点注入特制字符串来利用此楼哦的那个,当用户查看WEB站点时泄露敏感信息 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 Microsoft Internet Explorer...
CVE-2011-1245
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a 1 different domain or 2 different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."...
Information disclosure
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a 1 different domain or 2 different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."...
CVE-2011-1245
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a 1 different domain or 2 different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."...
Flash Player (Flash6.ocx) Denial Of Service
PARAM NAME="AllowScriptAccess"...